{{- if .Values.rbacManager.deploy }}
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ template "crossplane.name" . }}-rbac-manager
  namespace: {{ .Release.Namespace }}
  labels:
    app: {{ template "crossplane.name" . }}-rbac-manager
    release: {{ .Release.Name }}
    {{- include "crossplane.labels" . | indent 4 }}
  {{- with .Values.customAnnotations }}
  annotations: {{ toYaml . | nindent 4 }}
  {{- end }}
spec:
  replicas: {{ .Values.rbacManager.replicas }}
  selector:
    matchLabels:
      app: {{ template "crossplane.name" . }}-rbac-manager
      release: {{ .Release.Name }}
  strategy:
    type: {{ .Values.deploymentStrategy }}
  template:
    metadata:
      {{- if or .Values.metrics.enabled .Values.customAnnotations }}
      annotations:
      {{- end }}
      {{- if .Values.metrics.enabled }}
        prometheus.io/path: /metrics
        prometheus.io/port: "8080"
        prometheus.io/scrape: "true"
      {{- end }}
      {{- with .Values.customAnnotations }}
        {{- toYaml . | nindent 8 }}
      {{- end }}
      labels:
        app: {{ template "crossplane.name" . }}-rbac-manager
        release: {{ .Release.Name }}
        {{- include "crossplane.labels" . | indent 8 }}
    spec:
      {{- with .Values.podSecurityContextRBACManager }}
      securityContext:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- if .Values.priorityClassName }}
      priorityClassName: {{ .Values.priorityClassName | quote }}
      {{- end }}
      serviceAccountName: rbac-manager
      initContainers:
      - image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default (printf "v%s" .Chart.AppVersion) }}"
        args:
        - rbac
        - init
        imagePullPolicy: {{ .Values.image.pullPolicy }}
        name: {{ .Chart.Name }}-init
        resources:
          {{- toYaml .Values.resourcesRBACManager | nindent 12 }}
        {{- with .Values.securityContextRBACManager }}
        securityContext:
          {{- toYaml . | nindent 12 }}
        {{- end }}
        env:
          - name: GOMAXPROCS
            valueFrom:
              resourceFieldRef:
                containerName: {{ .Chart.Name }}-init
                resource: limits.cpu
          - name: GOMEMLIMIT
            valueFrom:
              resourceFieldRef:
                containerName: {{ .Chart.Name }}-init
                resource: limits.memory
      containers:
      - image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default (printf "v%s" .Chart.AppVersion) }}"
        args:
        - rbac
        - start
        {{- range $arg := .Values.rbacManager.args }}
        - {{ $arg }}
        {{- end }}
        - --provider-clusterrole={{ template "crossplane.name" . }}:allowed-provider-permissions
        imagePullPolicy: {{ .Values.image.pullPolicy }}
        name: {{ .Chart.Name }}
        resources:
          {{- toYaml .Values.resourcesRBACManager | nindent 12 }}
        {{- if .Values.metrics.enabled }}
        ports:
        - name: metrics
          containerPort: 8080
        {{- end }}
        {{- with .Values.securityContextRBACManager }}
        securityContext:
          {{- toYaml . | nindent 12 }}
        {{- end }}
        env:
          - name: GOMAXPROCS
            valueFrom:
              resourceFieldRef:
                containerName: {{ .Chart.Name }}
                resource: limits.cpu
          - name: GOMEMLIMIT
            valueFrom:
              resourceFieldRef:
                containerName: {{ .Chart.Name }}
                resource: limits.memory
          - name: LEADER_ELECTION
            value: "{{ .Values.rbacManager.leaderElection }}"
        {{- range $key, $value := .Values.extraEnvVarsRBACManager }}
          - name: {{ $key | replace "." "_" }}
            value: {{ $value | quote }}
        {{- end}}
      {{- if .Values.rbacManager.nodeSelector }}
      nodeSelector: {{ toYaml .Values.rbacManager.nodeSelector | nindent 8 }}
      {{- end }}
      {{- if .Values.rbacManager.tolerations }}
      tolerations: {{ toYaml .Values.rbacManager.tolerations | nindent 6 }}
      {{- end }}
      {{- if .Values.rbacManager.affinity }}
      affinity: {{ toYaml .Values.rbacManager.affinity | nindent 8 }}
      {{- end }}
{{- end}}
